6341 matches found
CVE-2018-2753
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Python modules. The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris...
Design/Logic Flaw
Vulnerability in the Solaris component of Oracle Sun Systems Products Suite subcomponent: Python modules. The supported version that is affected is 11.3. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Solaris executes to compromise Solaris...
CVE-2018-2753
CVE-2018-2753 affects Oracle Solaris (Solaris component of Oracle Sun Systems Products Suite), specifically the Python modules subcomponent in Solaris 11.3. The root cause is a vulnerability in the Python modules that allows a low-privileged, logon-attached attacker to compromise Solaris, with us...
Hardcoded credentials
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules...
CVE-2018-7241
Hard coded accounts exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules...
CVE-2018-7242
Vulnerable hash algorithms exist in Schneider Electric's Modicon Premium, Modicon Quantum, Modicon M340, and BMXNOR0200 controllers in all versions of the communication modules. The algorithm used to encrypt the password is vulnerable to hash collision attacks...
CVE-2018-7241
CVE-2018-7241 affects Schneider Electric Modicon Premium, Quantum, M340, and BMXNOR0200 controllers. The issue is hard-coded accounts present in all versions of the devices’ communication modules, enabling unauthorized access via the FTP/communication interfaces. The underlying risk is high (desc...
Oracle Sun Solaris has an unspecified vulnerability (CNVD-2018-09049)
Oracle Sun Solaris is a Unix operating system originally developed by Sun Microsystems. An unspecified vulnerability exists in the Python modules component of Oracle Sun Solaris. An attacker could exploit this vulnerability to compromise confidentiality and integrity...
Debian DLA-1349-1 : linux-tools security update
This update doesn't fix a vulnerability in linux-tools, but provides support for building Linux kernel modules with the 'retpoline' mitigation for CVE-2017-5715 Spectre variant 2. This update also includes bug fixes from the upstream Linux 3.2 stable branch up to and including 3.2.101. For Debian...
CVE-2018-5506
In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates are used for mutual authentication between...
Authorization
In F5 BIG-IP 13.0.0, 12.1.0-12.1.2, 11.6.1, 11.5.1-11.5.5, or 11.2.1 the Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow possible unauthenticated bruteforce on the em_server_ip authorization parameter to obtain which SSL client certificates are used for mutual authentication between...
CVE-2018-5506
CVE-2018-5506 affects F5 BIG-IP: Apache modules apache_auth_token_mod and mod_auth_f5_auth_token.cpp allow unauthenticated brute-forcing of the em_server_ip authorization parameter to disclose which SSL client certificates are used for mutual authentication between BIG-IQ/EM and managed BIG-IP de...
CMS Made Simple Arbitrary File Deletion Vulnerability
CMS Made Simple (CMSMS) is an open source content management system (CMS) developed by the CMSMS team. The system supports a role-based permission management system, a wizard-based installation and update mechanism, an intelligent caching mechanism, etc. The admin dashboard is one of its administration panels. A...
CVE-2018-4878 case: investigation of the intrusion into a Hong Kong telecommunications company's website - vulnerability and early warning - the black bar safety net
Earlier, researchers found that a Hong Kong telecommunications company's website had been attacked; 3 May 21, Morphisec laboratory carried out an investigation of the attack on the site, and investigators eventually found that the official website of the telecommunications company group was hacked, th...
Node.js third-party modules: [localhost-now] bypassing url filter which leads to read content of arbitrary file
Hi guys, I can bypass the url filter in the localhost-now module. It allows reading the content of arbitrary files on the remote server. Module module name: localhost-now version: 1.0.2 npm page: https://www.npmjs.com/package/localhost-now Module Stats 26 downloads in the last week Vulnerability Description...
Node.js third-party modules: npm packages that overlap with core node packages
Hi, I have posted here, but I wanted to make you aware of this easy social engineering trick. I do not want to claim any of these are currently malicious, but they easily could be. Thanks, Marc Impact The attacker could do anything...use the postinstall as the user, work the same as steal data...
Node.js third-party modules: [buttle] HTML Injection in filename leads to XSS when directory listing is displayed in the browser
I would like to report HTML Injection in buttle module. Due to lack of filename sanitization, it is possible to inject a malicious iframe tag via filename and execute arbitrary JavaScript code. Module module name: buttle version: 0.2.0 npm page: https://www.npmjs.com/package/buttle Module Descripti...